…
The judge in Charlotte, N.C., acted after a petition
from the Charlotte Observer to make the documents public.

Included
are 529 requests from local Charlotte-Mecklenburg police asking
judges to approve the use of a technology known as StingRay, which
allows cellphone surveillance.

…
The records date back to 2010, meaning police made requests roughly
twice a week. There were no records before 2010. The police
requests are “rarely, if
ever” denied, the Observer reported, and judges
at times appeared to not know exactly what they were authorizing.

As a
result, the Mecklenburg County District Attorney’s Office, which
had not previously seen the documents, will review each
case in which the technology was used.

How
should you deal with “used to be” customers? OR What procedure
should be followed to ensure you don't “over delete?”

A federal judge in San Jose just delivered Apple Inc. a double whammy
in proposed class actions over a glitch that prevented the delivery
of text messages to users who switched to non-Apple devices.

[…]

On Wednesday she declined to dismiss claims in a separate lawsuit
alleging privacy intrusions under the Wiretap Act—claims that carry
statutory damages of up to $10,000 per violation.

“Plaintiffs have sufficiently alleged a viable cause of action
under the Wiretap Act for [Apple]’s intentional
interception of text messages from current to former Apple
device users,” she wrote in Backhaut v. Apple, 14-2285.

…
By the end of the decade, one in five vehicles on the road will be
connected to the Internet.

But
for consumers to welcome these advances, they need to be sure their
personal data will be handled in a trustworthy manner, as early
research shows that considerable numbers of new car buyers are
concerned
about data privacy when it comes to car connectivity.

…
A new and timely study, "The
Connected Car and Privacy: Navigating New Data Issues,"
seeks to provide policymakers and all stakeholders with an overview
of the various technologies currently available in cars and
identifies the types of data collected and the purposes for which it
is collected.

For
my students, the most common cause of “I can't do math” syndrome
seems to be the ability (or inability) of their early Math teachers
to understand (or at least be comfortable with) math. If they had
teachers who read “the one and only way” from the math textbook
but could not handle the inevitable “Why?” they were doomed to
believe that “math is too hard for normal people.”

“Much
has been written in the past two decades about women in academic
science careers, but this literature is contradictory. Many analyses
have revealed a level playing field, with men and women faring
equally, whereas other analyses have suggested numerous areas in
which the playing field is not level. The only widely-agreed-upon
conclusion is that women are underrepresented in college majors,
graduate school programs, and the professoriate in those fields that
are the most mathematically intensive, such as geoscience,
engineering, economics, mathematics/computer science, and the
physical sciences.

…
The results of our myriad analyses reveal that early sex differences
in spatial and mathematical reasoning need not stem from biological
bases, that the gap between average female and male math ability is
narrowing (suggesting strong environmental influences), and that sex
differences in math ability at the right tail show variation over
time and across nationalities, ethnicities, and other factors,
indicating that the ratio of males to females at the right tail can
and does change.

…
Importantly, of those who obtain doctorates in math-intensive
fields, men and women entering the professoriate have equivalent
access to tenure-track academic jobs in science, and they persist and
are remunerated at comparable rates—with some caveats that we
discuss. The transition from graduate programs to assistant
professorships shows more pipeline leakage in the fields in which
women are already very prevalent (psychology, life science, social
science) than in the math-intensive fields in which they are
underrepresented but in which the number of females holding assistant
professorships is at least commensurate with (if not greater than)
that of males. That is, invitations to interview for tenure-track
positions in math-intensive fields—as well as actual employment
offers—reveal that female PhD applicants fare at least as well as
their male counterparts in math-intensive fields.”

Perhaps
we could create an infographic like this to let everyone know about
our research & development!

…
The White House
also hosted superintendents this week to sign a “Future
Ready” pledge, promising to buy more digital stuff from
textbook publishers and tech companies and telecoms. Because future.

…
LAUSD has argued that a middle schooler can consent to sex with a teacher.
The case involves a 14 year old student and her 28 year old student.
The district, which is being sued by the girl’s family for
negligence, says that the girl bears some responsibility.

…
Back from the dead! LAUSD has not canceled all its contracts with Apple
and Pearson apparently, and the district will spend $22 million to buy
20,000 iPads just in time for spring standardized testing season.
But this time around, instead of spending $504 per device, the
district will pay $552 per iPad.

…
Not to miss out on the PR opportunity, edX is also offering free
certificates for teacher training.

…
The Gates Foundation has adopted an open access policy “that enables
the unrestricted access and reuse of all peer-reviewed published
research funded, in whole or in part, by the foundation, including any
underlying data sets.”

…
Not to let LAUSD’s
student information system get all the laughs, New
York City says it’s dumping the system it spent $95 million on.

…
According to a study
by Augenblick, Palaich and Associates, a Denver education research
firm, “Colorado state
government and school districts spend up to $78 million a
year on testing, and some kind of standardized testing takes
place during every week of the school year.”

Friday, November 21, 2014

As
feature releases go, this is not exactly a killer, but to my surprise
it was one that was requested quite frequently. It turns out that
people really wanted to be able to keep abreast of new breaches and
pastes in Have I been pwned?
(HIBP) via RSS. Not only is that a perfectly reasonable request, but
it was also an easy one to get on top of so here it is!

There
are two RSS feeds both linked in from various places on the site
including in the navigation. For your RSS’ing convenience, they
are both available as direct links here:

I
choose these numbers because pastes appear very frequently –
sometimes dozens per day – whilst breaches being a highly manual
process means I do maybe only a couple a month on average. Both
feeds have their own attractions, breaches because it’s always a
serious volume of data from a verified event and pastes because if
you’re like me, I’m kinda curious to see the sort of data that’s
continuously being dumped onto Pastebin.

Internet
privacy is on the minds of many people including those who normally
don’t pay much attention to technology. No one wants to think
they’re being watched without consent or being boiled down to
numbers in a database. Yet two of the main companies offering
popular web browsers, Google and Microsoft, sit on the wrong side of
the privacy issue. Both have an interest in what you do online and
Google in particular is often unapologetic about its collection of
data.

Fortunately
there’s a browser that does care about your privacy; Firefox.

Would
it be legal for me to use this technology as an individual? If so, I
know where I can buy a few thousand “recorders” for next to
nothing.

The
company's plan was to change the way we watch TV. It was delivering
broadcast TV through the internet. To do this without permission
from TV companies, it thought it found a legal loophole that involved
using antennas.

Christine
Lagarde, Managing Director, IMF “…Finally, let me turn to
another very important aspect of the IMF’s statistical work—data
publication. We very much recognize the importance of data as a
public good. In this context, we are upgrading our data
platforms and improving the way we distribute data and statistics to
our membership throughout the world. Think of the One African
Data Hub that the IMF has recently launched in collaboration
with the African Development Bank. This is a “cloud-based” data
reporting tool that makes it less onerous for reporters to provide
economic data, and much easier for users to share data. Much of our
data is already freely available. This is especially true of the
data that supports our main forecasts for the global economy in the
World
Economic Outlook. And I have an important announcement to
make—starting
January 1, 2015 we will provide all our online data free-of-charge to
everyone. This will help all those who draw on our
data make better use of this vital statistical resource—from budget
numbers to balance of payments data, debt statistics to critical
global indicators. The IMF will continue to be a vital source of
public information that is needed to underpin sound policy
decisions.”

An
article for all my students and the faculty. Tips and tools for
learning.

Suppose
you’re on a game show, and you’re given the choice of three
doors: Behind one door is a car; behind the others, goats. You pick
a door, say No. 1, and the host, who knows what’s behind the doors,
opens another door, say No. 3, which has a goat. He then says to
you, “Do you want to pick door No. 2?” Is it to your advantage
to switch your choice?

I
can rest easy. According to this article, I do everything
bass-ackwards!

Thursday, November 20, 2014

You
can't rely on those “assurances” released with initial details of
a breach. It seems the damage is always worse than initially
suspected. Another way to look at it: How can they even hint that
they know the extent of the breach if they are still analyzing?

Compensation files for U.S. Postal Service workers might also have
been breached during a recent hack that exposed the Social Security
numbers and other personal data on about 800,000 USPS employees, a
postal inspector said Wednesday.

[...]

“We’re still conducting
forensic analysis of the impacted servers,” said Randy
Miskanic, incident commander on the case and the USPS secure digital
solutions vice president. “There is the possibility of additional
compromise, specifically as it relates to some workers’
compensation files.”

We have been so busy here at Risk Based Security recently that we
neglected to release
our latest Data Breach QuickView report to the public last month!
The report already shows that 2014
is the highest year ever for exposed records. The 1,922
incidents reported during the first nine months of 2014 exposed over
904 million records. While 60.2% of breaches exposed only
between 1 and 1,000 records, twenty breaches exposed one million or
more records with four finding a place on the Top 10 All Time Breach
List.

About the Data Breach QuickView Report

The Data Breach QuickView report is intended to be an executive level
summary of the key findings from RBS’ analysis of 2014’s data
breach incidents. Contact Risk Based Security for your customized
analysis of the 2014 data breaches.

Unfortunately,
this response also fits the facts exactly: “Of course we can't
talk about it. We are doing something so illegal that the case would
get thrown out.” Looks like they tossed all of their evidence.
Good luck with the prosecution.

Baltimore prosecutors withdrew key evidence in a robbery case Monday
rather than reveal details of the cellphone tracking technology
police used to gather it.

The surprise turn in Baltimore Circuit Court came after a defense
attorney pressed a city police detective to reveal how officers had
tracked his client.

City police Det. John L. Haley, a member of a specialized phone
tracking unit, said officers did not use the controversial device
known as a stingray. But when pressed on how phones are tracked, he
cited what he called a “nondisclosure agreement” with the FBI.

“You don’t have a
nondisclosure agreement with the court,” Baltimore
Circuit Judge Barry G. Williams replied. Williams threatened to hold
Haley in contempt if he did not respond. Prosecutors decided to
withdraw the evidence instead.

Law
enforcement officials in Maryland and across the country say they are
prohibited from discussing the technology at the direction of the
federal government, which has argued that knowledge
of the devices would jeopardize investigations.

…
Some critics say the use of such technology might be appropriate,
with court approval, to help law enforcement locate a suspect. But
in the secrecy surrounding its use, they say, it's not always clear
that law enforcement officials have secured the necessary approval,
or stayed within their bounds.

…
Police say phone records show that the phone that was used to call
in the delivery was also used to make and receive hundreds of calls
to and from Taylor's phone. [If
the defendant had called Mom, would she now be a “co-defendant?”
Bob]

…
Finally, Seidel said prosecutors would drop all evidence found
during the search of the home — including, authorities have said,
a .45-caliber handgun and the cellphone. The prosecutor
said the state would continue to pursue the charges.

Wessler,
of the ACLU, said Williams was right to ignore the nondisclosure
agreement with the FBI.

"You
can't contract out of constitutional disclosure obligations,"
Wessler said. "A secret written agreement does not invalidate
the Maryland public records law [and] does not invalidate due process
requirements of giving information to a criminal defendant."

A
Hypothetical: All it took was a handshake in the Middle East and we
have something far better than sanctions to put pressure on Russia.
(It's easy to outmaneuver a country that thinks it does not need to
cooperate with anyone.)

… Russian wells will freeze if they stop pumping oil, and the
country cannot store the output it would otherwise export.

… But despite needing oil prices of $100 a barrel to balance its
budget, Russia has changed little since 2008 when the Organization of
the Petroleum Exporting Countries urged Moscow to join forces to cut
supply to shore up prices.

Then and now, the world's biggest producer lacks the ability to
increase or turn down its own production.

… Some experts argue that Russia could even need oil prices as
high as $115 to balance the budget, since social and military
spending have soared, while Western sanctions over Ukraine
have cut off Moscow from funds it borrows in Western financial
markets.

It's
common for people to purchase internet-connected security cameras to
monitor their houses and businesses. But what they often don't
realise is that the default
security settings on those devices can leave them wide open for
anyone on the internet to view them.

The
smart home
market is currently full of innovative companies, all working to
create the best way to make your home more powerful and more
efficient, but they don’t always work together well.

…
you can buy the Wink
hub, a $50 smart home controller that unifies all of your
wireless devices — most of which had no way to communicate with
each other before. The hub allows them to “speak the same wireless
language,” letting you do some pretty cool things that involve
multiple devices (which we’ll get to below). Wink also offers a
$300
touchscreen relay controller that replaces a light switch in your
home; you can then control all of your connected devices from the
single relay point.

…
By using the Wink hub to link all of your devices together, you can
create sets of actions – a bit like your own private If
This Then That system for your home.

One
example that Wink gives on its website is having your lights and air
conditioning turn on whenever you unlock your front door. In
addition to combining these behaviors, you can also set timers for
various activities, so the blinds will go up and the kitchen lights
will turn on when you get up in the morning.

Google teaches ethics to
driverless cars. Can they react better than humans?

A
large truck speeding in the opposite direction suddenly veers into
your lane.

Jerk
the wheel left and smash into a bicyclist?

Swerve
right toward a family on foot?

Slam
the brakes and brace for head-on impact?

[Force
the truck to have 'self-driving' software? Bob]

It's
relatively easy to write computer code that directs the car how to
respond to a sudden dilemma. The hard part is deciding what that
response should be.

Legal
arguments – you try explaining them to my students. Think of the
poor cellphone user who worries that an ex-wife or the NSA will guess
his password, and so sets up security such that the fingerprint
confirms that he is the one entering the password. Is the
fingerprint protected in that circumstance?

A
couple of weeks back, there was a flurry of media coverage of a
Virginia state court opinion where the judge granted an order to
compel a defendant’s fingerprint to unlock his cellphone while
simultaneously denying a request to compel the defendant to turn over
his passcode. We requested a copy of the decision from the court,
which we’re posting for you today below.

In
his opinion, the judge addressed whether a cellphone’s passcode
and/or fingerprint authentication are testimonial
communication, and thereby covered by the Fifth
Amendment’s privilege against self-incrimination. In the end, the
judge determined that a defendant “cannot be compelled to ‘divulge
through his mental processes’ the passcode for entry” to data on
a locked cellphone. Disclosure of the fingerprint, however, “does
not require the witness to divulge anything through his mental
processes.” As a result, the judge ordered the defendant to
provide his fingerprint to unlock his cellphone.

What
do SAS, Cisco, Duke Energy and AT&T have in common? They are all
big proponents of the Internet of Things (IoT), also often called the
Industrial Internet.

The
central idea behind IoT
is that sensors and microchips can be placed anywhere and everywhere
to create a collective network that connects devices and generates
data. Instead of that data sitting in an information silo where it
is accessible to only a few specialists, it becomes part of a Big
Data "lake" where it can be analyzed in the context of
other information.

"The
Internet of Things means everything will have an IP address,"
said Jim Davis, executive vice president and chief marketing officer,
SAS.

He
laid out the value proposition for oil
rigs which generate eight terabytes of data per day. IoT
could open the door to greater productivity and more effective
predictive maintenance. If something breaks down, it can lead to
millions in losses. By placing sensors on rigs and monitoring them,
it is possible to better understand what’s happening and keep the
equipment running.

Not
All IoT Data Is Important

…
A key challenge with IoT,
he believes, is data management: determining what type of
data is important, what should be transmitted immediately, what
should be stored and for how long, and what information should be
discarded. Otherwise, you could end up with an almost infinite pile
of data to analyze, when only a relatively small portion is of real
importance.

Staples is now confirming that there was a malware-related breach,
although it’s offering scant additional information. “We are
continuing to investigate a data security incident involving an
intrusion into some of our retail point-of-sale and computer
systems,” Staples spokesman Mark Cautela tells Information Security
Media Group. “We believe we have eradicated the malware used in
the intrusion and have taken steps to further enhance the security of
our network.”

To date, however, Staples has declined to say how many of its more
than 2,000 stores in 26 countries – including 1,800 across the
United States and Canada – may have been affected by the breaches.
“The company is working with law enforcement and is investigating
whether any retail transaction data may have been compromised,”
Cautela says.

In a
new report, Trend Micro describes a thriving marketplace where
service providers offer to train customers to create remote access
tools and commit bank fraud.

"What
distinguishes the Brazilian underground from others is the fact that
it also offers training services for cybercriminal wannabes,"
according to the whitepaper. "Cybercriminals in Brazil
particularly offer FUD (fully undetectable) crypter programming and
fraud training by selling how-to videos and providing support
services via Skype.
Anyone who is Internet savvy and has basic computing knowledge and
skill can avail of training services to become cybercriminals.
How-to videos and forums where they can exchange information with
peers abound underground. Several trainers offer services as well.
They even offer support when training ends."

The
most popular course among aspiring cyber-criminals is related to bank
fraud, the report notes. Beginners start by learning the fraud
workflow and are then taught how to obtain the requisite tools and
knowledge to start stealing for R$1,499 (US$579). The report also
highlighted another 10-module fraud training course on "practically
everything cybercriminal wannabes need to know to start their digital
fraud career with the aid of interactive guides and practical
exercises (e.g., simulating attacks) is also offered for R$1,200
(US$468).support and lifetime updates and can be contacted via
Skype."

Attorneys for the hunting group Safari Club International faced an
uphill battle Monday in persuading the 9th Circuit to suppress a
video that its former president used to support defamation claims
against the group.

Noting
that interruptions to the conversation by waiting staff reflected
"usual" pauses in conversation, Judge Selna said there was
"nothing in Whipple's body language to suggest he was attempting
to maintain privacy."

"There
is no indication that either Rudolph or Whipple regarded the
conversation as confidential or took steps to conceal or limit the
hearing of the conversation," Selna wrote in his Jan. 16, 2014
ruling.

This
article from the digest looks at managing really Big Data that is not
logically organized.

Scalability:
The full index is more than 100 times larger than our real-time
index and grows by
several billion Tweets a week.
Our fixed-size real-time index clusters are non-trivial to expand;
adding capacity requires re-partitioning and significant operational
overhead. We needed a system that expands in place gracefully.

Apple
released a bevy of developer resources for the upcoming Apple
Watch Tuesday.

The
company released a WatchKit,
documentation and guidelines for developers alongside the new iOS 8.2
SDK. The WatchKit page includes a Getting Started with WatchKit
video outlining the new tools and how developers can build apps.

Have
you always dreamed of building your own video games? With the rise
of the indie game development scene, it’s easier than ever for a
single person working on a game to actually get noticed, but of
course, you need knowledge and skill to actually make your game ideas
a reality.

That’s
where this fantastic course bundle comes into play. It will allow
you to go from zero to hero in game development, and for a limited
time, you can get this massive bundle of game
development tutorials for $49, which is 99% off the
regular price of $989. Read on to find out exactly what you get in
this crazy deal.

A
report from Ericsson released Tuesday (Nov. 18) shows some startling
growth of Internet-connected devices in the U.S., with 90 percent of
U.S. households having three or more such devices, while almost half
have five or more such devices and almost 25 percent have seven or
more such devices. The report, as
reported by Recode, said the
average number of Internet devices per household was 5.2.

By 2020, 90 percent of the world’s population over 6 years old
will have a mobile phone, and smartphone subscriptions are expected
to top 6.1 billion, compared with 2.7 billion smartphone
subscriptions today.

India and China show fastest growth for new mobile subscriptions
with 18 million and 12 million net additions in Q3 2014

800 million new smartphone subscriptions in 2014 brings total to 2.7
billion worldwide

Spreading
hate speech just isn’t as easy as it used to be as a Missouri
chapter of the Ku Klux Klan found out when, after threatening
Ferguson protesters with violence, its website was knocked offline.
For that the Klan can thank the Anonymous hacking collective, which
also took control of the KKK’s social media presence and claimed to
leak personal information about members of the white supremacist
group.

…
“The Internet gives these groups more of a voice, there’s no
question about that,” said Mark Potok, a senior fellow at the
Southern Poverty Law Center and the editor of the award-winning
Intelligence Report journal. “Whether it actually gives them more
influence is highly debatable. The vast majority of people, as they
learn about these groups, are turned off by them.”

…
Still, the Anonymous
hacking collective was angry enough with the
Traditionalist American Knights of the KKK’s letter threatening
“lethal force” against Ferguson protesters to un-hood alleged
members of the group, posting names, addresses and phone numbers
online while also knocking multiple sites offline and taking control
of the @KuKluxKlanUSA Twitter feed.

That's
according
to a hearing which saw a site called CoastNews file a
lawsuit against Google, saying that it was knowingly lowering its
rankings in search results. It argued that it appeared at the top of
results created by Bing and Yahoo, and was being actively relegated
by Google.

But
Judge Ernest Goldsmith has
said that Google was merely undertaking a "constitutionally
protected activity." In other words, it was exercising its
right to free speech.

If
you have 300 million users, some of them will be way to the right on
the litigious scale.

On Nov. 13, a federal judge refused to toss an email harvesting class
action lawsuit filed against the internet company LinkedIn Corp.,
ruling the popular social media business could not claim immunity
under the Communications Decency Act (CDA). The proposed LinkedIn
class action lawsuit alleges the company broke
into LinkedIn users’ personal accounts in order to send
emails on the users’ behalf.

In addition to denying immunity to LinkedIn, U.S. District Judge Lucy
H. Koh also disagreed with the company’s argument that the alleged
email harvesting was protected under the First Amendment.

[...]

While Judge Koh has dismissed most of the claims in the LinkedIn
email harvesting class action lawsuit, the social media internet
service has prevailed on one count. The judge did dismiss
plaintiffs’ claims under California’s statutory right of
publicity, however, the plaintiffs have been granted permission to
amend their complaints under this statute.

LinkedIn has been a wildly successful social media business site for
many years. It provides a free platform for millions of members to
share professional experiences and for businesses to promote
themselves. However, LinkedIn’s financial success also makes it a
target for lawsuits — even suits that don’t seem to make much
sense.

LinkedIn Sued for Making Employment History Available

LinkedIn currently
claims that it “operates the world’s largest professional
network on the Internet with more than 313 million members in over
200 countries and territories.”

Its members voluntarily post their employment history (whether true,
embellished, or fabricated) as an online biography or resume. This
information is available both to LinkedIn members and Internet users
(depending on members’ LinkedIn settings).

A lawsuit was filed on Oct. 4, on behalf of a potential class in the
U.S. District Court for the Northern District of California, claiming
that LinkedIn violated the Fair Credit Reporting Act
(FCRA).

The basis of the suit is that “any potential employer can
anonymously dig into the employment history of any LinkedIn member,
and make hiring and firing decisions based upon the information they
gather, without the knowledge of the member, and without any
safeguards in place as to the accuracy of the information that the
potential employer has obtained.”

There
is no denying that the cloud and cloud computing have changed the way
many of us are doing business. You only had to attend last week’s
sold out AWS re:Invent conference in Las Vegas to see the cloud out
in force.

But
as the cloud matures, we are seeing another layer of cloud computing
that promises to shake the foundation of our IT infrastructure to its
core – the advent of IT-as-a-Service, which will be perhaps the
cloud’s highest calling.

“In
this unique anniversary
edition of the Quarterly, leading management
thinkers tackle the management challenges of tomorrow. Leaders
including author Tom Peters, former IBM CEO Lou Gerstner, eBay head
of HR Beth Axelrod, and The Second Machine Age authors Erik
Brynjolfsson and Andrew McAfee explore topics such as leadership, the
future of the organization, machine learning, long-term capitalism,
and global productivity.”

The
US State Department has shut down its entire unclassified email
system after a suspected hacker
attack. The email system was shut down to give techs time to
evaluate and repair any damage done by the hacking attack. The first
word of the attack came Sunday from a State Department official who
said that "activity of concern" had been noticed on the
email network around the same time as a similar incident targeting
computers at the White House was noticed.

If
you don't know what your employees are doing, or don't react
appropriately to unauthorized actions, this could happen to you!

As
this blog noted in July 2013, a jury awarded a Walgreens customer
$1.44 million after finding Walgreens and one of their pharmacists
violated the customer’s privacy. In this case, a female pharmacist
had looked up and shared the customer’s records when she suspected
the female customer had shared a sexually transmitted disease with a
man who was the customer’s ex-boyfriend and the pharmacist’s
now-husband. The customer
first discovered the breach when her ex-boyfriend (and father of her
child) texted her [Would
Walgreens have discovered this on their own? Bob] that
he had a printout of her prescription history that showed she had not
renewed her birth control prescription for the two months prior to
conception.

When
the customer subsequently discovered that her ex-boyfriend was living
with a Walgreens pharmacist, she contacted Walgreens to report the
breach. Walgreens
investigated and confirmed there had been a breach, [So
they had the data they needed to confirm a breach, but hadn't
bothered to look at it? Bob] but could not confirm that
the pharmacist had shared the information with anyone else. The
pharmacist was given a written warning and required to retake some
HIPAA training.

The
customer, Abigail Hinchy, subsequently filed a lawsuit against
Walgreens and the pharmacist, Audra Withers.

As I
also noted at the time of the jury verdict, I was impressed that the
employer, Walgreens, was also held liable for the breach.

Not
surprisingly, Walgreens appealed the judgement. One of its four
arguments on appeal was that the trial court erred by refusing to
grant summary judgment or a directed verdict in Walgreen’s favor on
claims based on respondeat superior and negligent retention and
supervision of an employee. Its fourth argument was that the jury
verdict was excessive and based on improper factors.

On
November 14, Judge Baker of the Court of Appeals of Indiana issued
the court’s opinion
in Walgreens v. Hinchy,
rejecting all of Walgreen’s arguments and affirming the
judgement.

Readers
may find the court’s discussion of the respondeat superior aspect
interesting, as well as the types of harm the jury had
considered in determining their award (pp. 21-23).

Although
I do not have any information on this, I do wonder what the jury
might have done about Walgreens’ liability if Walgreens had fired
the pharmacist promptly on learning of the breach.

Telegram
is becoming a serious contender for the title of best free messaging
app,

…
To get full end-to-end encryption, in which Telegram never receives
an unencrypted version of your message, you can use what’s called a
secret chat. With the end-to-end encryption, the option to confirm
with your recipient that you’re using the same encryption key to
increase security, and the ability to set a self-destruct timer,
secret chats provide about as much security as you could ask for in
messaging, though this doesn’t allow for cross-platform messages.

…
There are always tradeoffs between convenience and security, but the
non-profit team behind Telegram aims to make them minimal. Even with
all of the security Telegram provides, it manages to be very
convenient. To get it up and running, you
just download the app, enter your phone number, and enter the
security code you receive by text. You’re now ready to
start messaging.

Nov 16 – We now require encryption for the sending SMTP server
(between you and us), if you are experiencing errors in sending,
ensure that your mail client is set up to use STARTTLS or SSL/TLS.

The reason for this change is two-fold, first, if you want to send
all your mail across an unencrypted connection, why are you using a
service like us? Second, because frankly, we could not find
definitive answers on the downgrade attack described here
with regards to all email clients, specifically during an auto-config
process. So, to just negate it, if the connection between you and us
isn’t encrypted at all, the send will fail.

Another
reason to love that company!
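The client-side counterpart of the notice above, as an added example (not the provider's code): an opportunistic client sends in cleartext when the STARTTLS line is missing from the server's EHLO reply, while a client that requires TLS aborts. The sample EHLO replies, the host name in them, and the helper names are constructed for illustration.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured traffic): the reply as a server might
# send it, and the same reply with the STARTTLS line missing.
EHLO_INTACT = (b"250-mail.example.net\r\n250-SIZE 35882577\r\n"
               b"250-STARTTLS\r\n250 8BITMIME\r\n")
EHLO_STRIPPED = (b"250-mail.example.net\r\n250-SIZE 35882577\r\n"
                 b"250 8BITMIME\r\n")


def advertised_extensions(ehlo_reply: bytes) -> set:
    """Return the upper-cased ESMTP keywords from a multi-line 250 reply."""
    keywords = set()
    lines = ehlo_reply.decode("ascii", "replace").splitlines()
    for line in lines[1:]:                 # first line is the server's domain
        if line.startswith("250"):
            parts = line[4:].split()       # skip "250-" or "250 "
            if parts:
                keywords.add(parts[0].upper())
    return keywords


def decide(ehlo_reply: bytes, policy: str) -> str:
    """'opportunistic' falls back to cleartext; 'required' refuses to send."""
    if "STARTTLS" in advertised_extensions(ehlo_reply):
        return "upgrade"
    return "send-cleartext" if policy == "opportunistic" else "abort"


def send_required_tls(host, port, sender, recipient, message):
    """Submit mail only over a verified TLS session (hypothetical helper)."""
    context = ssl.create_default_context()  # verifies certificate and hostname
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server did not offer STARTTLS; not sending")
        smtp.starttls(context=context)
        smtp.ehlo()                          # re-read capabilities inside TLS
        smtp.sendmail(sender, recipient, message)


if __name__ == "__main__":
    for name, reply in (("intact", EHLO_INTACT), ("stripped", EHLO_STRIPPED)):
        for policy in ("opportunistic", "required"):
            print(name, policy, "->", decide(reply, policy))
```

Enforcing the same rule on the server, as the notice describes, closes the gap for clients whose fallback behaviour cannot be verified.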

“It's
for the fish!” What if this technology could track your car as
easily? When your “black box” connects to the Internet of Things
tracking will be automatic.

…
on Friday, American non-profits SkyTruth and Oceana, supported by
Google, unveiled a prototype program called Global Fishing Watch that
will eventually allow anyone with a computer to observe which vessel
is fishing where—and perhaps infer whether they are poaching or
not.

“Our goal is to make the invisible visible,” John Amos, the president of
SkyTruth, told me.

…
According to the team, it will be possible for experts to go online
and zoom into areas like marine reserves where fishing is forbidden
or coastal areas where it’s restricted to vessels with permits by
next March.

The
program is based on the Automatic Identification System (AIS),
originally a voluntary collision-avoidance system for ships that
relies on VHF transmitters aboard vessels that transmit their
position, identity and speed continuously to other ships and to
satellites.

When
this guy says “comprehensive,” he means it! (Except he missed
the PrivacyFoundation.org)

Via
LLRX.com
– Guide
To Privacy Resources 2015 – Marcus P. Zillman’s guide is a
comprehensive listing of privacy resources currently available on the
Internet that impact your email, smartphones, websites, hard drives,
files and data. Sources include associations, indexes, search
engines as well as individual websites and organizations that provide
the latest technology and information to raise awareness of privacy
and security as you interact with others using the internet.

A
question for my Computer Security class. What could possibly go
wrong?

Facebook
is secretly working on a new website called “Facebook at Work” to
get a foothold in the office that will see the social network of more
than 1bn people compete directly with Google, Microsoft and LinkedIn.

The
Silicon Valley company is developing a new product designed to allow
users to chat with colleagues, connect with professional contacts and
collaborate over documents, competing with Google Drive and Microsoft
Office, according to people familiar with the matter.

The
new site will look very much like Facebook – with a newsfeed and
groups – but will allow users to keep their personal profile with
its holiday photos, political rants and silly videos separate
from their work identity. [Unless someone looks for them... Bob]

For
my Statistics class. How to tell when people you survey are lying.

…
But a section of the study briefly addresses a statistic that proves
some of the people in the study must have been misreporting their
numbers. The study was of couples, and there was an equal number of
men and women. Yet the average number of intimate kisses per day
reported by the men was twice the number of those reported by the
women. This is a statistical impossibility. Men and women ought to
report the same average number of kisses, and you can prove that with
math. The fact that the numbers mismatch demonstrates that someone
in the study was either exaggerating or downplaying the number of
kisses they received, as the authors of the study helpfully point out

…
Have you ever thought about who makes the apps you love? Sure you
know Facebook
owns WhatsApp, but have you ever considered the humans who got it
started? That’s just what this infographic takes a look at. Get
ready for a fascinating look at the people responsible for the apps
we love.

“Information
design is about understanding data. Whether you’re
writing an article for your newspaper, showing the results of a
campaign, introducing your academic research, illustrating your
team’s performance metrics, or shedding light on civic issues, you
need to know how to present your data so that other people can
understand it. Regardless of what tools you use to collect data and
build visualizations, as an author you need to make decisions around
your subjects and datasets in order to tell a good story. And for
that, you need to understand key topics in collecting, cleaning, and
visualizing data. This free, Creative Commons-licensed e-book explains
important data concepts in simple language.”

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.